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REMARKS 

Applicant has thoroughly considered the Examiner's remarks. The application has 
been amended to more clearly set forth the invention. Claim 3-33 and 44-48 are 
presented in the application for further examination. Claims 3, 20, 44 and 48 have been 
amended by this Amendment C and claims 1, 2 and 34-43 have been canceled. 
Reconsideration of the application claims as amended and in view of the following 
remarks is respectfully requested. 

Claims 3 and 44 have been rewritten in independent form. Thus, no new issues 
are presented by this Amendment C and Applicants respectfully request entry of this 
amendment under Rule 116. 

Response to Rejection Based on 35 USC 103 

Claims 1-48 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
the Ginter et al. ("Ginter ", U.S. Patent Application 2002/01 12171) in view of Levergood 
et al. ("Levergood ", U.S. Patent 5,708,780). 

Claims 1 and 2 have been canceled and claim 3 has been rewritten in independent 
form including all the recitals of claims 1 and 2, from which claim 3 depended. Claim 43 
has been canceled and claim 44 has been rewritten in independent form including all the 
recitals of claims 43, from which claim 44 depended. 

Independent claims 3, 26 and 44 each recite the following: 

identifying a party with authority to grant consent (or permission) to the 
client to access the item of user-specific information; and 

displaying a consent menu to the identified party with authority, said 
consent menu prompting the identified party to grant or deny consent to the client 
to access the item of user-specific information. 

Similarly, claim 21 recites: 

identifying a party with authority to grant consent to allow the client to 
complete the access request; and 

initiating a consent request transaction with the identified party with 
authority to grant consent, said consent request transaction inviting the party with 
authority to grant consent to allow the client to complete the access requests. 

The above noted recitals are hereinafter referred to as the "identifying for 
consent" recital. 
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With respect to claims 3, 21, 26 and 44, only claim 3 is addressed in the Office 
action. With regard to claim 3, the Examiner admits that Ginter does not address the 
"identifying for consent" recital and indicates: 



"Ginter fails to disclose obtaining consent from a 
party having authority to grant access , if the client lacks 
access. Levergood discloses selectively obtaining consent, 
from a party having authority to grant access to the client, 
for the client to access the item of user-specific information 
if the client lacks consent as a function of said determining; 
and (Col 6 lines 36-57) At the time the invention was made, 
it would have been obvious to a person of ordinary skill in 
the art to obtain consent from a party having authority to 
grant access, if the client lacks access in the disclosure of 
Ginter. The motivation for doing do would have been to 
obtain a valid SID. (Col 5 lines 42-65)" 

The Levergood reference teaches a system for controlling and monitoring access 

to network servers. In particular, the user is provided with a session identification which 

"allows the user to access to the requested file as well as any other files within the present 

protection domain." (See Abstract of the Levergood reference, emphasis added). In 

particular, the Examiner cites Levergood, column 6, lines 36-57 as teaching the 

deficiencies of Ginter. However, a close look a Levergood reveals that the Examiner is 

misreading Levergood and that Levergood actually teaches away from the "identifying 

the consent" recital. In particular, column 6, lines 36-57 states as follows: 

Whenever the content server redirects the client to the authentication 
server 200, the authentication server initiates the authorization process by 
validating that it is for an approved content server and determining the level of 
authentication required for the access requested 210. Depending on this level, the 
server may challenge the user 212 for credentials. If the request is for a low 
level document, the authentication may issue an appropriate SID immediately 228 
and forego the credential check procedures. If the document requires credentials, 
the authentication server sends a "CHALLENGE" response which causes the 
client browser to prompt the user for credentials 214. A preferred credential query 
typically consists of a request for user name and password. If the user is unable 
to provide a password, the access is denied. The browser forms an authorization 
header 300 from the information provided, and resends a GET request to the 
authentication server using the last URL along with an authorization header. For 
example, a URL of such a GET request may be: 

"http ://auth.com/authenticate?domain=>domain! &URL=http ://content.com/report 
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and the authorization header may be: "AUTHORIZE: {authorization}". (Emphasis 
added). 

Referring to the bolded language above which is emphasized, it is clear that 
Levergood only contemplates challenging the user for credentials. Nowhere in this 
passage is there any suggestion of identifying a party with authority to grant consent (or 
permission) to the client to access the item of user-specific information and displaying a 
consent menu to the identified party, as specified by the "identifying for consent" recital 
of claims 3, 21, 26 and 44. Furthermore, according to Levergood, "If the user is unable 
to provide a password, the access is denied." This teaches away from identifying a 
party as recited by the "identifying for consent" recital because Levergood indicates that 
only the user is able to provide consent. 

The Examiner also argues that column 5, lines 42-65 of Ginter teaches the 

motivation for combining Ginter with Levergood: 

If the request is directed to a controlled page, the content server 
determines whether the URL contains an SID 102. For example, a URL may be 
directed to a controlled page name "report", such as "http://content.com/report", 
that requires an SID. If no SID is present, as in this example, the content 
server sends a "REDIRECT" response 122 to the browser 100 to redirect the 
user's initial request to an authentication server 200 to obtain a valid SID. 
The details of the authentication process are described in FIG. 2B and will be 
discussed later, but the result of the process is an SID provided from the 
authentication server to the client. In the above example, a modified URL 
appended with an SID may be: "http://content.com/>SID!/report". The preferred 
SID is a sixteen character ASCII string that encodes 96 bits of SID data, 6 bits per 
character. It contains a 32-bit digital signature, a 16-bit expiration date with a 
granularity of one hour, a 2-bit key identifier used for key management, an 8-bit 
domain comprising a set of information files to which the current SID 
authorizes access, and a 22-bit user identifier. The remaining bits are reserved 
for expansion. The digital signature is a cryptographic hash of the remaining 
items in the SID and the authorized IP address which are encrypted with a secret 
key which is shared by the authentication and content servers. (Emphasis added). 

However, this part of Ginter teaches redirecting to a server for obtaining a valid SID and 
fails to recognize identifying a party with authority to grant consent or permission 
followed by displaying a consent menu to the party, as indicated by the "identifying for 
consent" recitals of the independent claims. 
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In summary, claims 3, 21, 26 and 44 are patentable because neither the Ginter nor 
the Levergood, taken separately or in combination, teach the "identifying for consent" 
recital. As such, Applicant request withdrawal of the 103(a) rejection of independent 
claims 3, 21, 26 and 44, and of claims 4-20, 22-25, 27—33 and 45-48, depending from 
these independent claims. 
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CONCLUSION 

It is felt that a full and complete response has been made to the Office action and, 
as such, places the application in condition for allowance. Such allowance is hereby 
respectfully requested. Although the prior art made of record and not relied upon may be 
considered pertinent to the disclosure, none of these references anticipates or makes 
obvious the recited invention. The fact that Applicant may not have specifically 
traversed any particular assertion by the Office should not be construed as indicating 
Applicant's agreement therewith. 

The Applicant wishes to expedite prosecution of this application. If the 
Examiner deems the claims as amended to not be in condition for allowance, the 
Examiner is invited and encouraged to telephone the undersigned to discuss making 
an Examiner's amendment to place the claims in condition for allowance. 

Applicant does not believe that a fee is due in connection with this response. If, 
however, the Commissioner determines that a fee is due, he is authorized to charge 
Deposit Account No. 19-1345. 

Respectfully submitted, 
/Frank R. Agovino/ 

Frank R. Agovino, Reg. No. 27,416 

SENNIGER POWERS 

One Metropolitan Square, 16th Floor 

St. Louis, Missouri 63102 

(314) 231-5400 

FRA/ 
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